Comments
We need more deals to keep them packets away!
For @FAT32 sake such a pure person/admin, he deserves better.
luv u aussy boi missed u
Me too my sexc yankee-doodle
Ps buy shit on my aff garden
The attack was mjj gaybois sent by china, according to an anonymous source..
Shit, I sent @jbiloh a message, we can get LET protected if he explains the situation & wants to pay for it.
They were running it on involucrated servers, luckily they had backup
Yessir, sure.
I fell asleep last night and then an attack got through CF. Ugh!
Are people that mad because you unbanned @cociu?
No, this attack was because someone was banned from discord.
I wasn't expecting this. How do you know the source?
Because I was alerted to it by a discord admin and the attacks began a few moments after the ban occurred.
How you gonna punish them? Should put a warning on website, DDOS attackers will be prosecuted, survivors will be prostituted involucrated.
Some people just stink.
And you are who exactly?
Hugs & Kisses
Jesus
Holy, he got summoned
Jesus ddos'd the site again.. chinese jesus?
Un-usable atm.
@jbiloh - What's the size of the attack?
@jbiloh I believe the MJJs have found out your origin. Use a firewall and DDOS-protected VPS to secure it, and on Cloudflare you have the usual IUAM.
Doing the best we can.
MJJs were talking about attacking website behind Cloudflare yesterday.
After finding the target is using Cloudflare, what's next?
You can certainly DDoS Cloudflare, ask them to tell you the origin IP within 3 days, or you'll attack them until a global outage occurs.
You can query domain resolution history records. If the website did not use CDN in the past, the records would reveal origin IP.
You can query MX records, because it doesn't go through CDN, so that you can see sending IP.
You can take chances by scanning global IP addresses. If the target website did not perform special treatment (such as giving a different certificate to the IP address), directly accessing the IP would leak the certificate of available virtual hosts.
Their three attack strategies are all valid to some extent.
Countermeasures below.
Domain resolution history: use CDN since the first deployment.
Mail server leak: send and receive mail via MXroute. The headers won't include the web server IP.
Scanning global IPv4 space: use only IPv6 as your origin.
It is infeasible to scan global IPv6 space.
This is one more reason why 👉 every provider should offer IPv6.
The so-called "giving a different certificate to the IP address" is actually useless, because ClientHello could have included the target domain, and the server would return the domain's certificate if it has one.
It is possible to configure firewall to only allow Cloudflare IP Ranges, but this would require periodical updates so that it's more complex than using a random IPv6 that nobody could guess.
And all of this is supposedly because of a ban on Discord?
Do we know who?
Hang in there.
You could also use a webserver like caddy which only presents certificates if the ServerName in ClientHello matches one of the configured certificates, and sends a TLS alert otherwise.
If the DDOS has already reached the origin, it's difficult to handle it using a firewall as it would now compete for CPU with the rest of the kernel and applications. You could consider filtering IPs in the PREROUTING tables though so that the packets get dropped without conntrack being invoked.
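The two firewall ideas above (an allowlist of CDN ranges, and dropping in PREROUTING before conntrack) can be combined as below. This is an added example, not code from anyone in the thread: the chain name `EDGE_ONLY` and the sample ranges are assumptions, and it covers IPv4 only.

```shell
#!/bin/sh
# Added example: turn a list of CDN source ranges into an iptables-restore
# file for the raw table, so non-allowlisted packets to 80/443 are dropped
# in PREROUTING before connection tracking runs.

# Constructed sample input (documentation prefixes, NOT a real CDN list).
SAMPLE_V4='198.51.100.0/24
203.0.113.0/24'

# gen_raw_rules: read one IPv4 CIDR per line on stdin, print the ruleset.
# Emits nothing and returns 1 if the list is empty or any line is not
# CIDR-shaped, so a failed or truncated download (for example an HTML error
# page) never replaces a working ruleset.
gen_raw_rules() {
  rules=""
  count=0
  while IFS= read -r cidr || [ -n "$cidr" ]; do
    [ -z "$cidr" ] && continue
    # Shape check only; iptables-restore does the final validation.
    if ! printf '%s\n' "$cidr" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'; then
      echo "rejecting list: bad entry '$cidr'" >&2
      return 1
    fi
    rules="${rules}-A EDGE_ONLY -s ${cidr} -j RETURN
"
    count=$((count + 1))
  done
  [ "$count" -gt 0 ] || { echo "rejecting list: empty" >&2; return 1; }

  printf '%s\n' '*raw' \
    ':PREROUTING ACCEPT [0:0]' \
    ':OUTPUT ACCEPT [0:0]' \
    ':EDGE_ONLY - [0:0]' \
    '-A PREROUTING -p tcp -m multiport --dports 80,443 -j EDGE_ONLY'
  # Allowlisted sources return to normal processing; everything else drops.
  printf '%s' "$rules"
  printf '%s\n' '-A EDGE_ONLY -j DROP' 'COMMIT'
}
```

Feed it the CDN's currently published ranges and pipe the output to `iptables-restore`, which replaces the contents of the raw table; running it from a timer handles the periodic updates mentioned above.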